17 matches found

Cvelist
added 2026/05/05 2:26 a.m. · 35 views

CVE-2026-2868 Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem <= 3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'separatorIconSVG'

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'separatorIconSVG' parameter in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 · EPSS 0.00152
Exploits 0 · References 2

ATTACKERKB
added 2026/05/05 2:26 a.m. · 2 views

CVE-2026-2868

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'separatorIconSVG' parameter in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 · AI score 6 · EPSS 0.00152
Exploits 0 · References 3

Vulnrichment
added 2026/05/04 6:12 p.m. · 4 views

CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the clientsecret field in the Azure AD remote write OAuth configuration storage/remote/azuread was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving...

CVSS 7.5 · AI score 5.8 · EPSS 0.00249
Exploits 0 · References 5

Patchstack
added 2026/02/17 5:31 p.m. · 6 views

WordPress Academy LMS plugin <= 3.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Academy LMS versions <= 3.5.3...

CVSS 6.5 · AI score 5.4 · EPSS 0.00212
Exploits 0 · Affected Software 1

CVE
added 2025/12/18 7:22 a.m. · 15 views

CVE-2025-60077

CVE-2025-60077 affects the WordPress YayPricing plugin (versions up to and including 3.5.3). The vulnerability is a Missing Authorization / Broken Access Control issue in which YayPricing allows access to functionality not properly constrained by ACLs. Root cause per connected sources is lack of ...

CVSS 7.5 · AI score 6.6 · EPSS 0.00287
Exploits 0 · References 1

Positive Technologies
added 2025/12/18 12:0 a.m. · 2 views

PT-2025-52135

Missing Authorization vulnerability in YayCommerce YayPricing yaypricing allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects YayPricing: from n/a through <= 3.5.3...

AI score 7 · EPSS 0.00287
Exploits 0 · References 2

CNNVD
added 2025/12/16 12:0 a.m. · 3 views

WordPress plugin JetFormBuilder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 5.3 · AI score 6.6 · EPSS 0.00189
Exploits 0 · References 2

Patchstack
added 2025/08/29 4:32 p.m. · 3 views

WordPress YayPricing plugin <= 3.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin YayPricing versions <= 3.5.3...

CVSS 7.5 · AI score 7 · EPSS 0.00287
Exploits 0 · Affected Software 1

RedhatCVE
added 2025/08/16 11:25 a.m. · 2 views

CVE-2025-54673

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify chart-builder allows Cross Site Request Forgery. This issue affects Chartify: from n/a through <= 3.5.3...

CVSS 4.3 · AI score 5.9 · EPSS 0.00135
Exploits 0 · References 1

Cvelist
added 2025/08/14 10:34 a.m. · 7 views

CVE-2025-54673 WordPress Chartify plugin <= 3.5.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify chart-builder allows Cross Site Request Forgery. This issue affects Chartify: from n/a through <= 3.5.3...

CVSS 4.3 · EPSS 0.00135
Exploits 0 · References 1

CNNVD
added 2025/06/09 12:0 a.m. · 2 views

WordPress plugin SHOUT cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 7.1 · AI score 6.4 · EPSS 0.00235
Exploits 0 · References 1

Patchstack
added 2024/09/30 12:0 a.m. · 8 views

WordPress Starbox Plugin < 3.5.3 is vulnerable to Cross Site Scripting (XSS)

Software: Starbox; Type: Plugin; Vulnerable versions: < 3.5.3; Fixed in: 3.5.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8239; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 03e73e132e18; Credits: Dmitrii Ignatyev; Required privileg...

CVSS 5.4 · AI score 5.8 · EPSS 0.00346
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2024/05/15 12:0 a.m. · 2 views

PT-2024-30635 · WordPress · Sina Extension For Elementor

Name of the Vulnerable Software and Affected Versions: The Sina Extension for Elementor plugin for WordPress versions up to, and including, 3.5.3 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's Sina Particle Layer...

CVSS 6.4 · AI score 6.9 · EPSS 0.00356
Exploits 0 · References 6

Positive Technologies
added 2024/05/14 12:0 a.m. · 5 views

PT-2024-30497 · WordPress · Sina Extension For Elementor

Name of the Vulnerable Software and Affected Versions: The Sina Extension for Elementor plugin for WordPress versions up to, and including, 3.5.3 Description: The issue is related to DOM-Based Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing authenticated...

CVSS 6.4 · AI score 6.3 · EPSS 0.00391
Exploits 0 · References 6

CNNVD
added 2023/02/02 12:0 a.m. · 2 views

Dell Enterprise SONiC OS resource management error vulnerability

Dell Enterprise SONiC OS (Dell Enterprise Sonic Operating System) is an open-source network operating system from Dell, USA. A resource management error vulnerability exists in Dell Enterprise SONiC OS, versions 3.5.3, 4.0.0, 4.0.1, and 4.0.2, which stems from a security issue contained in the...

CVSS 7.5 · AI score 7.3 · EPSS 0.0089
Exploits 0 · References 3

Positive Technologies
added 2019/05/07 12:0 a.m. · 2 views

PT-2019-16965 · Ibm · Ibm Tririga Application Platform

Name of the Vulnerable Software and Affected Versions: IBM TRIRIGA Application Platform versions 3.5.3 through 3.6.0 Description: The issue allows a remote attacker to exploit an XML External Entity Injection (XXE) attack when processing XML data, potentially exposing sensitive information or...

CVSS 7.1 · AI score 6.9 · EPSS 0.01888
Exploits 0 · References 3

CNVD
added 2016/09/21 12:0 a.m. · 6 views

Apache Zookeeper Buffer Overflow Vulnerability

Apache Zookeeper is a software project of the U.S. Apache Software Foundation, which can provide open source distributed configuration services, synchronization services, and naming registry for large-scale distributed computing. A buffer overflow vulnerability exists in the C cli shell in...

CVSS 8.1 · AI score 9.4 · EPSS 0.07821
Exploits 1 · References 1